{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-06-14T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly restrict creation of classes during deserialization of (1) AMF and (2) AMFX data, which allows attackers to have an unspecified impact via unknown vectors, related to a \"deserialization vulnerability.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2011-09-07T09:00:00.000Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe"}, "references": [{"name": "1025656", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1025656"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.adobe.com/support/security/bulletins/apsb11-15.html"}, {"name": "1025657", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1025657"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@adobe.com", "ID": "CVE-2011-2092", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly restrict creation of classes during deserialization of (1) AMF and (2) AMFX data, which allows attackers to have an unspecified impact via unknown vectors, related to a \"deserialization vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1025656", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1025656"}, {"name": "http://www.adobe.com/support/security/bulletins/apsb11-15.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb11-15.html"}, {"name": "1025657", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1025657"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T22:46:00.887Z"}, "title": "CVE Program Container", "references": [{"name": "1025656", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1025656"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.adobe.com/support/security/bulletins/apsb11-15.html"}, {"name": "1025657", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1025657"}]}]}, "cveMetadata": {"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2011-2092", "datePublished": "2011-06-16T23:00:00.000Z", "dateReserved": "2011-05-13T00:00:00.000Z", "dateUpdated": "2024-08-06T22:46:00.887Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:blazeds:*:*:*:*:*:*:*:*", "matchCriteriaId": "007166D5-D7B0-486C-B4B6-C239906EF8D3", "versionEndIncluding": "4.0.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:livecycle_data_services:*:*:*:*:*:*:*:*", "matchCriteriaId": "3FA36866-F153-47DE-871E-D92DBD8A1C2B", "versionEndIncluding": "3.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:livecycle_data_services:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "289238E6-C234-4191-911C-C6F0E51A3E1D", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:livecycle_data_services:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "262ED6C7-3C78-4863-9056-A9D55C7DB6CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:livecycle_data_services:2.6:*:*:*:*:*:*:*", "matchCriteriaId": "8606C261-650F-43AF-BE2D-52DACFB94BBC", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:livecycle_data_services:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "BEFE9CD7-0DB5-4038-AFB5-1B756186605C", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:livecycle_data_services:3:*:*:*:*:*:*:*", "matchCriteriaId": "37973B36-6229-498A-936E-D621E2ED90C6", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:livecycle:*:*:*:*:*:*:*:*", "matchCriteriaId": "9E1BE8C5-F3EA-4F74-8ABE-BB5A7127DED3", "versionEndIncluding": "9.0.0.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:livecycle:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "123AE8CC-080C-4684-9818-CCEC5ACC1E60", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:livecycle:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "D59B6009-B1B1-4FE1-8330-777473CF9EEA", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:livecycle:8.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3890CE6C-D8D0-4406-ACE1-9849CFCA72F4", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:livecycle:8.0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "55624316-BCFD-4555-92F0-EF5271B86081", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:livecycle:8.0.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "89AE5D48-8552-4DB5-97A3-4D401559AB81", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:livecycle:8.2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "D2C91FA2-9DBB-4B06-8DBF-D7951A947087", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly restrict creation of classes during deserialization of (1) AMF and (2) AMFX data, which allows attackers to have an unspecified impact via unknown vectors, related to a \"deserialization vulnerability.\""}, {"lang": "es", "value": "Adobe LiveCycle Data Services v3.1 y anteriores, LiveCycle v9.0.0.2 y anteriores, y BlazeDS v4.0.1 y anteriores no restringen adecuadamente la creaci\u00f3n de clases durante la deserializaci\u00f3n de la informci\u00f3n (1) AMF y (2) AMFX, lo que permite a atacantestener un impacto no especificado a trav\u00e9s de vectores desconocidos."}], "id": "CVE-2011-2092", "lastModified": "2026-04-29T01:13:23.040", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-06-16T23:55:01.527", "references": [{"source": "psirt@adobe.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.adobe.com/support/security/bulletins/apsb11-15.html"}, {"source": "psirt@adobe.com", "url": "http://www.securitytracker.com/id?1025656"}, {"source": "psirt@adobe.com", "url": "http://www.securitytracker.com/id?1025657"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.adobe.com/support/security/bulletins/apsb11-15.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1025656"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1025657"}], "sourceIdentifier": "psirt@adobe.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}